[go: up one dir, main page]

US6154843A - Secure remote access computing system - Google Patents

Secure remote access computing system Download PDF

Info

Publication number
US6154843A
US6154843A US08/822,303 US82230397A US6154843A US 6154843 A US6154843 A US 6154843A US 82230397 A US82230397 A US 82230397A US 6154843 A US6154843 A US 6154843A
Authority
US
United States
Prior art keywords
computing device
network
task
user
private network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
US08/822,303
Inventor
Edward C. Hart, Jr.
Casey Lang Kiernan
Vij Rajarajan
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp filed Critical Microsoft Corp
Priority to US08/822,303 priority Critical patent/US6154843A/en
Assigned to MICROSOFT CORPORATION reassignment MICROSOFT CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: HART, EDWARD C., JR., KIERNAN, CASEY LANG, RAJARAJAN, VIJ
Application granted granted Critical
Publication of US6154843A publication Critical patent/US6154843A/en
Assigned to MICROSOFT TECHNOLOGY LICENSING, LLC reassignment MICROSOFT TECHNOLOGY LICENSING, LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MICROSOFT CORPORATION
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/133Protocols for remote procedure calls [RPC]

Definitions

  • This invention relates to the field of secure remote access computing and in particular to a system for supporting secure remote access computing from an unsecured computing device to a secure computing device by way of a public communication network.
  • a variety of techniques have been used throughout the history of computing to establish secure access to computing resources on a local computing device from a remote computing device.
  • One technique often used by government facilities and private research facilities is to require the physical presence of a user that intends to use a secure computing device. Requiring the physical presence of a user facilitates a highly secure computing environment and restricting physical access to a computer is relatively easy.
  • requiring a user's physical proximity to a computing device severely limits the options for a system administrators, for example, who must provide 24 hour-a-day support for a secure computing device. Even if an off-site administrator has the knowledge and/or authority to deal with a situation on the a given computing device, the situation can not be immediately addressed without remote access.
  • the lack of remote access is only an inconvenience if the off-site administrator is only tens of minutes from the secure computing device, the lack of remote access is significant if the off-site user is tens of hours or days away from the computing device and communicating passwords and/or other instructions by a telephone conversation with a local user is a security breach.
  • One alternative technique for establishing secure remote access to computing equipment in a computing facility is to allow remote access from a remote computing device to a local computing device by way of a private communication medium.
  • the private communication medium might be, for example, a dedicated "hard wired” communication link or a MODulator DEModulator (MODEM) "dial-up" communication link on the private communication medium.
  • MODEM MODulator DEModulator
  • One advantage to secure remote access by way of a private communication link is that the local computing device and the remote computing device can remain under exclusive physical control along with the private communication medium therebetween. However, even this type of secure remote access environment can be a significant problem if the remote computing device is not readily available to the off-site user at the off-site user's present location.
  • Another alternative technique for establishing secure remote access from a remote computing device to a local computing device is to establish remote access by way of an encrypted and/or password protected MODEM dial-up connection over a public communication medium.
  • One advantage of this type of remote access is that the off-site user can establish access to a local computing device from any remote location that offers MODEM access to the public communication medium.
  • password protection and/or encryption techniques are widely known and used in the industry, the remote computing device being used must support the type of encryption technique being used by the local computing device.
  • Another disadvantage is that special terminal emulations and/or hardware specific requirements often exist that can preclude the use of simply any remote computing device. Thus, even the added flexibility of using a public communication medium can be severely limited without a remote computing device that meets some minimum of support for specific hardware and/or software requirements.
  • Another disadvantage of remote access by way of a MODEM dial-up connection over a public communication medium is that any user having a computing device, a MODEM, and access to the public communication medium, can attempt to access the local computing device without permission.
  • Many unauthorized users that have broken into a local computing device have demonstrated that once a user has gained access to or is "into" the local computing device, the unauthorized user may have unrestricted access to many files and even other computing devices in a local network, often leading to destructive or at least disruptive results.
  • the present invention solves the above stated problems by supplying the necessary computer program intelligence, user interface features, and security measures for a remote computing device to communicate with a secure local computing device over a public communication network connection.
  • the invention allows any unsecured remote computing device to define and execute a task on a local device in a private network by way of a secure network interface device.
  • the secure network interface device is the secure gateway to the private network.
  • the remote computing device and the secure network interface device need only communicate by standard protocols and instructions that are well known and used by users of the public communication network.
  • the remote computing device can be any ordinary unsecure device such as a personal computer that has modem access to the public communication network.
  • the security of the system results first from password protected access to the secure network interface device and second from a customized real-time program generated by the secure network interface device for execution on the remote computing device.
  • the customized program supplies the remote user with a user interface in which to formulate the desired task and only enough information about the local target computing device or private network for the remote user to formulate the requested task.
  • the remote user is only allowed to formulate a specific task or tasks and the task must be one that the remote user would be authorized to execute if the user were local to the target computing device or private network.
  • the secure network interface device is the only device that is allowed to execute the requested task on behalf of the remote user.
  • the remote user is never logged into any computing device other than the remote computing device, and the remote user never has direct contact with the target computing device or private network on which the requested task is operating.
  • the remote user of the remote computing device establishes an operable communication link between the remote computing device and the secure network interface device by way of the public communication network.
  • the remote user identifies a task that the remote user wishes to execute on at least one device in the private network.
  • the desired task is communicated to the secure network interface device along with any necessary authorization and/or permissions.
  • the secure network interface device verifies that the remote user has permission to execute such a task or tasks on the desired device of the private network.
  • the secure network interface device dynamically generates a custom program for the remote user to execute to define the parameters necessary to construct an executable task.
  • the defined parameters are communicated back to the secure network interface device where the task is executed by the secure network interface device on behalf of the remote user.
  • the remote user is never allowed direct contact with the target computing device on which the requested task is executed.
  • the public communication network is the Internet, also known as the World Wide Web.
  • the remote computing device and secure network interface device communicate over the Internet by way of customized Web pages.
  • the remote user connects to the private network's Internet site on the secure network interface device as identified by the Universal Resource Locator (URL) protocol.
  • the remote user's task preferences are revealed to the secure network interface device and the remote users security privileges are checked to determine what tasks the remote user is allowed to perform on what devices in the private network.
  • the secure network interface device dynamically generates a customized Web page that supplies the remote user with a set of customized program code that includes but is not limited to a Web page user interface any network specific information that is needed for the remote computing device's Web browser to function as a local device would within the private network.
  • the remote user defines the specific activity that is to take place by executing the specified task and the specific activity and any associate parameters are communicated back to the secure network interface device where the task is executed on a target computing device or devices in the private network.
  • the secure network interface device executes the specified task on the private network by way of a secure link to the private network without exposing any device in the private network to the remote user specifically or the open Internet generally.
  • FIG. 1 illustrates a secure remote access computing system configuration in block diagram form
  • FIG. 2 illustrates an overview of the secure remote access computing system operational steps in flow diagram form.
  • FIG. 1 illustrates a block diagram example of a system configuration 100 for the secure remote access computing system of the present invention.
  • the computing device configuration 100 illustrated in FIG. 1 includes, but is not limited to, a remote computing device 110, a public communication network 120, a local computing device 130, and a target computing device or private network 140.
  • Remote computing device 110 can be any computing device that supports computing essentials including, but not limited to, a processing complex, a memory, a human readable output device, and a human user controlled input device.
  • a human readable output device typically includes an electronic display device
  • a human user controlled input device typically includes a standard keyboard and/or a screen display pointer device often known as a mouse.
  • One additional and essential feature of the remote computing device 110 is that it is configured with whatever minimum requirement of software and/or hardware that is necessary to access another computing device by way of the public communication network 120. Examples of commonly available computing devices that can fill the role of remote computing device 110 include, but are not limited to, a personal computer, a workstation, a multi-user computer, and a network computer.
  • Remote computing device 110 is operatively connected to public communication network 120 by remote communication link 122 that can be either a wire or wireless connection by any means well known and widely used in the communication industry.
  • Public communication network 120 is any bidirectional network accessible to the general public from computing devices such as remote computing device 110 that is a device widely available to the general consumer public. Connectivity to public communication network 120 is available by way of private server nodes often supported by private corporations, public and private educational institutions, not-for-profit organizations, government installations, or commercial for-profit service providers that are all well known and available in the industry.
  • the public communication network 120 is commonly referred to as the Internet, also known or loosely referred to as the Net, the Information Super Highway, the World Wide Web, and the Web.
  • the Internet for purposes of the present disclosure is not to be confused with electronic mail, bulletin boards, or USENET news or discussion groups that often accompany but are not part of and are beyond the scope of the present invention.
  • the Internet is the network of computing devices or nodes, whether individually hardware and/or software compatible or not, that communicate or otherwise interact with each other by some combination of protocols and languages.
  • Common Internet protocols and languages include but are not limited to, the Transmission Control Protocol/Internet Protocol (TCP/IP), the Telnet command and terminal emulator protocol, the HyperText Transfer Protocol (HTTP), the HyperText Markup Language (HTML) programming language of the Internet, and the Uniform Resource Locator (URL) protocol for identifying documents on the Internet.
  • TCP/IP Transmission Control Protocol/Internet Protocol
  • HTTP HyperText Transfer Protocol
  • HTML HyperText Markup Language
  • URL Uniform Resource Locator
  • a URL document may also be loosely referred to by names including, but not limited to, Web page, Home page, Web site, Internet site, Web address, Location, and Link.
  • Web browser converts raw HTML coding into a graphical display on a computing device for viewing by a human user.
  • a multitude of commercial Web browsers are readily available in the industry for virtually every computing device designed and/or made publicly available after or about January 1992.
  • Local computing device 130 also known as an Internet Interface Device (IID) when acting as a private network 140 gateway, has at least the same and typically more computing features and/or capabilities than the remote computing device 110.
  • IID Internet Interface Device
  • local computing device 130 supports a publicly accessible Web site having a URL address in the preferred embodiment.
  • the local computing device 130 is operatively connected to public communication network 120 by local communication link 121.
  • Local communication link 121 can be either a wire or wireless connection supported by any of several techniques that are well known and widely used in the communication industry.
  • Local computing device 130 can be an endpoint target itself and/or it can be operatively connected to private network 140, as in the preferred embodiment, by way of a private network link 145.
  • the local computing device 130 When connected to a private network, the local computing device 130 is the secure network interface device that acts as a fire wall or gate keeper to control remote access to the private network 140.
  • Local computing device 130 is also the only outside computing device that is allowed to communicate with computing devices within the private network 140 on behalf of any remote computing device including remote computing device 110. Alternatively, local computing device 130 may be considered the only target device with which remote computing device 110 wishes to communicate.
  • Private network 140 can be any configuration of one or more computing devices having any type of connectivity.
  • private network 140 is an intranetwork of N computing devices 141-144 interconnected by a Local Area Network (LAN) 145.
  • LAN Local Area Network
  • FIG. 2 illustrates an overview of the secure remote access computing system operational steps 200 in flow diagram form.
  • the operational steps 200 begin at step 208 and proceed to step 215.
  • a user that is remote from private network 140 locates a designated local computing device 110 that is capable of communicating with a remote computing device 130 by way of public communication network 120.
  • the first local computing device 110 is a personal computer or network computer that is configured with a Web browser, a MODEM or other communication device suitable for communicating on remote communication link 122, and sufficient memory and computing power to interact with another computing device over the Internet 120.
  • the advantage of communicating over the Internet 120 is that Web browser equipped computing devices are increasingly prevalent in the business community and in private homes. The result of this proliferation of Web browser equipped computing devices is that a suitable remote computing device 110 can be easily located anywhere in the world.
  • the remote user Having located a suitable remote computing device 110, the remote user establishes communications from the remote computing device 110 to the local computing device 130 at step 221 by way of public communication network 120.
  • the communication is established by dialing or otherwise contacting an Internet Service Provider (ISP) or other private Internet service connection source that can provide connectivity to the Internet.
  • ISP Internet Service Provider
  • a request to communicate with the local computing device 130 is made by entering a URL command communicated with the HTTP protocol.
  • a typical URL uses syntax such as "http://www.microsoft.com" for example.
  • the remote user that has established communication from the remote computing device 110 to the local computing device 130, can specify or otherwise request the type of processing capability that is desired to accomplish a particular task on the private network 140 from remote computing device 110.
  • the network administrator would request from local computing device 110 the processing capability needed to perform a specific administration task.
  • the remote user would make an administrator type request by entering a description of the specific task or by selecting from a Web page supported list of specific tasks that the network administrator is authorized to perform if the network administrator were present at the local computing device 130. Determining the level of the administrator's authorization is accomplished by password protection and/or other similar security authorization code uniquely known only to that individual remote user.
  • the local computing device 130 generates a custom network page that includes custom programs unique to the task requested by the remote user in response to the command request made in step 230.
  • the customized program may include, but is not limited to, data specific to the private network 140, a custom user interface specific to the type of command access requested, and custom program code specifically designed to support information gathering from the remote user and to support executing the requested command or commands on the private network 140 by way of local computing device 130.
  • the custom programs include a customized Web page that is HTML compatible and that contains custom Web page type interface support and network specific data necessary to supply the remote network administrator with the interface tools and network specific information that are unique to the private network 140.
  • the custom Web page and custom programs are expressly limited to the scope of the requested task that the remote user is authorized to perform.
  • the data specific to the private network 140 may include network configuration details, network administration parameters, and/or machine or node specific information such as passwords or network address information.
  • the local computing device 130 downloads the customized programs of step 232 using standard public communication network 120 protocols and standard network browser programming language code, to the remote computing device 110.
  • the downloaded programs give the remote user the ability to "perform" the desired task by running the downloaded program on the remote computing device 110 host.
  • the remote user has the same level of access authorization and control over private network 140 as if the remote user were actually sitting in front of and logged onto local computing device 130.
  • the customized Web page of step 232 is delivered to the remote computing device 110 Web browser using standard Internet protocols and HTML programming language code.
  • the remote computing device 110 that had minimal capability and was previously unaware of any specific private network details now has all the capability needed to complete the specific task requested by the remote user to the same extent as if the network administrator were entering the commands on local computing device 130 or any other computing device within private network 140.
  • the remote user transmits the instructions, commands, parameters, and/or other information that is necessary for the local computing device 130 to execute the task requested by the remote user. If all authorizations and permissions remain satisfactory at step 254, the local computing device 130 executes the completed command or task on behalf of the remote user. Key to this surrogate relationship is that sensitive tasks, programs, and/or commands are executed by way of a local computing device 130 and its secure communication link 145 to private network 140.
  • Remote computing device 110 never has direct contact with private network 140 and is never logged into the local computing device 130 or any computing device within private network 140.
  • local computing device 130 acts as a secure Internet Interface Device (IID) that protects each node in private network 140 from direct contact with the open Internet where unauthorized users or pirates might otherwise gain access and damage parts or all of the private network 140.
  • IID Internet Interface Device
  • step 260 if all processing needs of the remote user have been satisfied, the remote user disconnects the remote computing device 110 from the public communication network 120. Processing stops at step 268.
  • the secure remote access computing system supports the necessary intelligence and security measures so that a remote computing device can communicate with a local computing device over a public communication network.
  • the remote computing device is used to define and request execution of a task or tasks on a device in a private network by way of a secure network interface device surrogate.
  • the remote computing device communicates using standard public communication protocols and is never logged into any local computing device and never has direct contact with a target computing device in a private network.
  • the private network is never exposed to the public communication network.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Computing Systems (AREA)
  • Computer And Data Communications (AREA)

Abstract

A secure remote access computing system for executing tasks on a secure private network requested by an unsecured remote computing device connected to the secure private network by way of a public communication network, without exposing any device in the secure private network other than a designated network interface device to the public communication network. The network interface device dynamically generates a custom program containing the necessary network data and user interfaces and verifies the security privileges for the remote computing device, so that a remote user can define the task being executed on the private network by way of the secure network interface device surrogate. The unsecured remote computing device and the secure network interface device communicate by accepted conventions of protocols and commands that are well known and used by other users of the public communication network.

Description

FIELD OF THE INVENTION
This invention relates to the field of secure remote access computing and in particular to a system for supporting secure remote access computing from an unsecured computing device to a secure computing device by way of a public communication network.
PROBLEM
A variety of techniques have been used throughout the history of computing to establish secure access to computing resources on a local computing device from a remote computing device. One technique often used by government facilities and private research facilities is to require the physical presence of a user that intends to use a secure computing device. Requiring the physical presence of a user facilitates a highly secure computing environment and restricting physical access to a computer is relatively easy. However, requiring a user's physical proximity to a computing device severely limits the options for a system administrators, for example, who must provide 24 hour-a-day support for a secure computing device. Even if an off-site administrator has the knowledge and/or authority to deal with a situation on the a given computing device, the situation can not be immediately addressed without remote access. Although the lack of remote access is only an inconvenience if the off-site administrator is only tens of minutes from the secure computing device, the lack of remote access is significant if the off-site user is tens of hours or days away from the computing device and communicating passwords and/or other instructions by a telephone conversation with a local user is a security breach.
One alternative technique for establishing secure remote access to computing equipment in a computing facility is to allow remote access from a remote computing device to a local computing device by way of a private communication medium. The private communication medium might be, for example, a dedicated "hard wired" communication link or a MODulator DEModulator (MODEM) "dial-up" communication link on the private communication medium. One advantage to secure remote access by way of a private communication link is that the local computing device and the remote computing device can remain under exclusive physical control along with the private communication medium therebetween. However, even this type of secure remote access environment can be a significant problem if the remote computing device is not readily available to the off-site user at the off-site user's present location.
Another alternative technique for establishing secure remote access from a remote computing device to a local computing device is to establish remote access by way of an encrypted and/or password protected MODEM dial-up connection over a public communication medium. One advantage of this type of remote access is that the off-site user can establish access to a local computing device from any remote location that offers MODEM access to the public communication medium. Although password protection and/or encryption techniques are widely known and used in the industry, the remote computing device being used must support the type of encryption technique being used by the local computing device. Another disadvantage is that special terminal emulations and/or hardware specific requirements often exist that can preclude the use of simply any remote computing device. Thus, even the added flexibility of using a public communication medium can be severely limited without a remote computing device that meets some minimum of support for specific hardware and/or software requirements.
Another disadvantage of remote access by way of a MODEM dial-up connection over a public communication medium is that any user having a computing device, a MODEM, and access to the public communication medium, can attempt to access the local computing device without permission. Many unauthorized users that have broken into a local computing device have demonstrated that once a user has gained access to or is "into" the local computing device, the unauthorized user may have unrestricted access to many files and even other computing devices in a local network, often leading to destructive or at least disruptive results.
The problem with the above mentioned techniques is that they each have unique requirements that either severely restrict remote access to local computing devices or severely limit the type and/or configuration of remote computing devices that might otherwise be used to remotely access a local computing device or computing facility. For these reasons, there exists an ongoing need for a system that supports secure remote access to a local computing device or facility from anywhere in the world while requiring only a minimum of remote computing device features. Such a system has heretofore not been known prior to the invention as disclosed and claimed below.
SOLUTION
The present invention solves the above stated problems by supplying the necessary computer program intelligence, user interface features, and security measures for a remote computing device to communicate with a secure local computing device over a public communication network connection. The invention allows any unsecured remote computing device to define and execute a task on a local device in a private network by way of a secure network interface device. The secure network interface device is the secure gateway to the private network. The remote computing device and the secure network interface device need only communicate by standard protocols and instructions that are well known and used by users of the public communication network. The remote computing device can be any ordinary unsecure device such as a personal computer that has modem access to the public communication network.
The security of the system results first from password protected access to the secure network interface device and second from a customized real-time program generated by the secure network interface device for execution on the remote computing device. The customized program supplies the remote user with a user interface in which to formulate the desired task and only enough information about the local target computing device or private network for the remote user to formulate the requested task. The remote user is only allowed to formulate a specific task or tasks and the task must be one that the remote user would be authorized to execute if the user were local to the target computing device or private network. For added security, the secure network interface device is the only device that is allowed to execute the requested task on behalf of the remote user. The remote user is never logged into any computing device other than the remote computing device, and the remote user never has direct contact with the target computing device or private network on which the requested task is operating.
Operationally, the remote user of the remote computing device establishes an operable communication link between the remote computing device and the secure network interface device by way of the public communication network. The remote user identifies a task that the remote user wishes to execute on at least one device in the private network. The desired task is communicated to the secure network interface device along with any necessary authorization and/or permissions. The secure network interface device verifies that the remote user has permission to execute such a task or tasks on the desired device of the private network. The secure network interface device dynamically generates a custom program for the remote user to execute to define the parameters necessary to construct an executable task. The defined parameters are communicated back to the secure network interface device where the task is executed by the secure network interface device on behalf of the remote user. The remote user is never allowed direct contact with the target computing device on which the requested task is executed.
In the preferred embodiment, the public communication network is the Internet, also known as the World Wide Web. The remote computing device and secure network interface device communicate over the Internet by way of customized Web pages. The remote user connects to the private network's Internet site on the secure network interface device as identified by the Universal Resource Locator (URL) protocol. The remote user's task preferences are revealed to the secure network interface device and the remote users security privileges are checked to determine what tasks the remote user is allowed to perform on what devices in the private network. If the remote user has the necessary security privileges then the secure network interface device dynamically generates a customized Web page that supplies the remote user with a set of customized program code that includes but is not limited to a Web page user interface any network specific information that is needed for the remote computing device's Web browser to function as a local device would within the private network. The remote user defines the specific activity that is to take place by executing the specified task and the specific activity and any associate parameters are communicated back to the secure network interface device where the task is executed on a target computing device or devices in the private network. The secure network interface device executes the specified task on the private network by way of a secure link to the private network without exposing any device in the private network to the remote user specifically or the open Internet generally.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 illustrates a secure remote access computing system configuration in block diagram form; and
FIG. 2 illustrates an overview of the secure remote access computing system operational steps in flow diagram form.
DETAILED DESCRIPTION
System Configuration--FIG. 1
FIG. 1 illustrates a block diagram example of a system configuration 100 for the secure remote access computing system of the present invention. The computing device configuration 100 illustrated in FIG. 1 includes, but is not limited to, a remote computing device 110, a public communication network 120, a local computing device 130, and a target computing device or private network 140.
Remote computing device 110 can be any computing device that supports computing essentials including, but not limited to, a processing complex, a memory, a human readable output device, and a human user controlled input device. A human readable output device typically includes an electronic display device, and a human user controlled input device typically includes a standard keyboard and/or a screen display pointer device often known as a mouse. One additional and essential feature of the remote computing device 110 is that it is configured with whatever minimum requirement of software and/or hardware that is necessary to access another computing device by way of the public communication network 120. Examples of commonly available computing devices that can fill the role of remote computing device 110 include, but are not limited to, a personal computer, a workstation, a multi-user computer, and a network computer. Remote computing device 110 is operatively connected to public communication network 120 by remote communication link 122 that can be either a wire or wireless connection by any means well known and widely used in the communication industry.
Public communication network 120 is any bidirectional network accessible to the general public from computing devices such as remote computing device 110 that is a device widely available to the general consumer public. Connectivity to public communication network 120 is available by way of private server nodes often supported by private corporations, public and private educational institutions, not-for-profit organizations, government installations, or commercial for-profit service providers that are all well known and available in the industry. In one preferred embodiment, the public communication network 120 is commonly referred to as the Internet, also known or loosely referred to as the Net, the Information Super Highway, the World Wide Web, and the Web. The Internet for purposes of the present disclosure, is not to be confused with electronic mail, bulletin boards, or USENET news or discussion groups that often accompany but are not part of and are beyond the scope of the present invention.
The Internet, or the portion thereof that is relevant to the preferred embodiment of the present invention, is the network of computing devices or nodes, whether individually hardware and/or software compatible or not, that communicate or otherwise interact with each other by some combination of protocols and languages. Common Internet protocols and languages include but are not limited to, the Transmission Control Protocol/Internet Protocol (TCP/IP), the Telnet command and terminal emulator protocol, the HyperText Transfer Protocol (HTTP), the HyperText Markup Language (HTML) programming language of the Internet, and the Uniform Resource Locator (URL) protocol for identifying documents on the Internet. A URL document may also be loosely referred to by names including, but not limited to, Web page, Home page, Web site, Internet site, Web address, Location, and Link.
The generic software that is necessary for remote computing device 110 to access documents from the Internet is commonly referred to as a browser or Web browser. A Web browser converts raw HTML coding into a graphical display on a computing device for viewing by a human user. A multitude of commercial Web browsers are readily available in the industry for virtually every computing device designed and/or made publicly available after or about January 1992.
Local computing device 130, also known as an Internet Interface Device (IID) when acting as a private network 140 gateway, has at least the same and typically more computing features and/or capabilities than the remote computing device 110. In addition to the capabilities of remote computing device 110, local computing device 130 supports a publicly accessible Web site having a URL address in the preferred embodiment. The local computing device 130 is operatively connected to public communication network 120 by local communication link 121. Local communication link 121 can be either a wire or wireless connection supported by any of several techniques that are well known and widely used in the communication industry.
Local computing device 130 can be an endpoint target itself and/or it can be operatively connected to private network 140, as in the preferred embodiment, by way of a private network link 145. When connected to a private network, the local computing device 130 is the secure network interface device that acts as a fire wall or gate keeper to control remote access to the private network 140. Local computing device 130 is also the only outside computing device that is allowed to communicate with computing devices within the private network 140 on behalf of any remote computing device including remote computing device 110. Alternatively, local computing device 130 may be considered the only target device with which remote computing device 110 wishes to communicate.
Private network 140 can be any configuration of one or more computing devices having any type of connectivity. In the preferred embodiment, private network 140 is an intranetwork of N computing devices 141-144 interconnected by a Local Area Network (LAN) 145.
Operational Steps--FIG. 2
FIG. 2 illustrates an overview of the secure remote access computing system operational steps 200 in flow diagram form. The operational steps 200 begin at step 208 and proceed to step 215. At step 215 a user that is remote from private network 140 locates a designated local computing device 110 that is capable of communicating with a remote computing device 130 by way of public communication network 120. In the preferred embodiment, the first local computing device 110 is a personal computer or network computer that is configured with a Web browser, a MODEM or other communication device suitable for communicating on remote communication link 122, and sufficient memory and computing power to interact with another computing device over the Internet 120. The advantage of communicating over the Internet 120 is that Web browser equipped computing devices are increasingly prevalent in the business community and in private homes. The result of this proliferation of Web browser equipped computing devices is that a suitable remote computing device 110 can be easily located anywhere in the world.
Having located a suitable remote computing device 110, the remote user establishes communications from the remote computing device 110 to the local computing device 130 at step 221 by way of public communication network 120. In the preferred embodiment, the communication is established by dialing or otherwise contacting an Internet Service Provider (ISP) or other private Internet service connection source that can provide connectivity to the Internet. Once Internet access is established, a request to communicate with the local computing device 130 is made by entering a URL command communicated with the HTTP protocol. A typical URL uses syntax such as "http://www.microsoft.com" for example.
At step 230, the remote user that has established communication from the remote computing device 110 to the local computing device 130, can specify or otherwise request the type of processing capability that is desired to accomplish a particular task on the private network 140 from remote computing device 110. In the preferred embodiment for example, if a network administrator for private network 140 were out of the country when the need for performing a network administration task arose, the network administrator would request from local computing device 110 the processing capability needed to perform a specific administration task. The remote user would make an administrator type request by entering a description of the specific task or by selecting from a Web page supported list of specific tasks that the network administrator is authorized to perform if the network administrator were present at the local computing device 130. Determining the level of the administrator's authorization is accomplished by password protection and/or other similar security authorization code uniquely known only to that individual remote user.
At step 232, the local computing device 130 generates a custom network page that includes custom programs unique to the task requested by the remote user in response to the command request made in step 230. The customized program may include, but is not limited to, data specific to the private network 140, a custom user interface specific to the type of command access requested, and custom program code specifically designed to support information gathering from the remote user and to support executing the requested command or commands on the private network 140 by way of local computing device 130. In the preferred embodiment, the custom programs include a customized Web page that is HTML compatible and that contains custom Web page type interface support and network specific data necessary to supply the remote network administrator with the interface tools and network specific information that are unique to the private network 140. Further, the custom Web page and custom programs are expressly limited to the scope of the requested task that the remote user is authorized to perform. The data specific to the private network 140 may include network configuration details, network administration parameters, and/or machine or node specific information such as passwords or network address information.
At step 238, the local computing device 130 downloads the customized programs of step 232 using standard public communication network 120 protocols and standard network browser programming language code, to the remote computing device 110. The downloaded programs give the remote user the ability to "perform" the desired task by running the downloaded program on the remote computing device 110 host. In the preferred embodiment, the remote user has the same level of access authorization and control over private network 140 as if the remote user were actually sitting in front of and logged onto local computing device 130. The customized Web page of step 232 is delivered to the remote computing device 110 Web browser using standard Internet protocols and HTML programming language code. Thus, the remote computing device 110 that had minimal capability and was previously ignorant of any specific private network details now has all the capability needed to complete the specific task requested by the remote user to the same extent as if the network administrator were entering the commands on local computing device 130 or any other computing device within private network 140.
At step 245, the remote user transmits the instructions, commands, parameters, and/or other information that is necessary for the local computing device 130 to execute the task requested by the remote user. If all authorizations and permissions remain satisfactory at step 254, the local computing device 130 executes the completed command or task on behalf of the remote user. Key to this surrogate relationship is that sensitive tasks, programs, and/or commands are executed by way of a local computing device 130 and its secure communication link 145 to private network 140. Remote computing device 110 never has direct contact with private network 140 and is never logged into the local computing device 130 or any computing device within private network 140. In the preferred embodiment, local computing device 130 acts as a secure Internet Interface Device (IID) that protects each node in private network 140 from direct contact with the open Internet where unauthorized users or pirates might otherwise gain access and damage parts or all of the private network 140.
At step 260, if all processing needs of the remote user have been satisfied, the remote user disconnects the remote computing device 110 from the public communication network 120. Processing stops at step 268.
SUMMARY
The secure remote access computing system supports the necessary intelligence and security measures so that a remote computing device can communicate with a local computing device over a public communication network. The remote computing device is used to define and request execution of a task or tasks on a device in a private network by way of a secure network interface device surrogate. The remote computing device communicates using standard public communication protocols and is never logged into any local computing device and never has direct contact with a target computing device in a private network. The private network is never exposed to the public communication network. Although specific embodiments are disclosed herein, it is expected that persons skilled in the art can and will make, use, and/or sell alternative secure remote access computing systems that are within the scope of the following claims either literally or under the Doctrine of Equivalents.

Claims (36)

What is claimed is:
1. At least one computer readable medium containing computer executable instructions to perform a method comprising:
establishing a communication link between a first computing device and a second computing device by way of a public communication network;
communicating, from said first computing device to said second computing device, a request by a user of said first computing device to execute a task controlled by said second computing device;
verifying on said second computing device that said user of said first computing device is authorized to execute said task;
dynamically generating a customized program on said second computing device that contains data and user interface features necessary for said user of said first computing device to define at least one parameter required to execute said task;
transmitting said customized program from said second computing device to said first computing device;
executing said customized program on said first computing device for said user to define said at least one parameter required to execute said task;
transmitting said at least one parameter required to execute said task from said first computing device to said second computing device; and
executing said task by said second computing device on behalf of said first computing device.
2. A method according to claim 1 wherein said step of establishing includes:
transmitting a Universal Resource Locator style command from said first computing device that uniquely identifies said second computing device using a Hyper Text Transfer Protocol style communication protocol over said public communication network without said user of said first computing device having log-on access to said second computing device; and
responding from said second computing device to said first computing device to confirm that operable communications exist between said first computing device and said second computing device.
3. A method according to claim 1 wherein said task is an administration type task directed toward at least one computing device selected from a group comprising: said second computing device and at least one node of a private network that is operatively connected to said second computing device as a gateway to said private network.
4. A method according to claim 1 wherein said task is any computing operation operable on at least one target computing device selected from a group comprising: said second computing device and at least one node of a private network that is operatively connected to said second computing device as a gateway to said private network.
5. A method according to claim 1 wherein said step of dynamically generating includes:
identifying a minimum set of data and user interface features necessary for said user of said first computing device to define an executable one of said task; and
generating a custom Web page available only to said user of said first computing device that contains said minimum set of data and user interface features.
6. A computer-readable storage device containing instructions for controlling a computer system to perform steps according to claim 1.
7. A method comprising:
establishing a communication link between a remote computing device and a secure network interface to a private network by way of a public communication network;
communicating, from said remote computing device to said secure network interface, a request by a user of said remote computing device to execute a network administration task on at least one node of said private network;
executing, in response to said request, said task by said secure network interface on behalf of said at least one node of said private network without said user of said remote computing device having direct log-on access to any of said at least one node of said private network;
generating, in response to said request to execute said task, a custom program on said secure network interface that contains data and user interface features unique to said task;
verifying that said user of said remote computing device is authorized to execute said task;
downloading said custom program from said secure network interface to said remote computing device;
executing said custom program on said remote computing device for said user to define said at least one parameter necessary to execute said task; and
transmitting said at least one parameter necessary to execute said task from said remote computing device to said secure network interface.
8. A computer-readable storage device containing instructions for controlling a computer system to perform steps according to claim 7.
9. The method of claim 7, wherein the generated custom program contains data specific to the private network.
10. The method of claim 9, wherein the data specific to the private network includes network configuration details, network administration parameters, network address information, passwords, or node specific information.
11. A secure remote access network administration system using a public communication network comprising:
a remote computing device having a network browsing program and access to said public communication network;
a private network having a plurality of computing devices therein;
a network interface device supporting service for a publicly accessible Web page, said network interface device also having access to said public communication network and supporting a private communication link to said private network;
means for establishing a communication link between said remote computing device and said network interface device;
means for communicating, from said remote computing device to said network interface device, a request by a user of said remote computing device to execute an administrative task on at least one of said plurality of computing devices in said private network;
means for verifying on said network interface device that said user of said remote computing device is authorized to execute said administrative task;
means for dynamically generating a custom Web page on said network interface device that is unique to said administrative task and contains only enough data and user interface features as are required for said user of said remote computing device to define at least one parameter necessary to construct an executable one of said administrative task;
means for transmitting said custom Web page from said network interface device to said remote computing device;
means for executing said custom Web page on said remote computing device for said user to define said at least one parameter necessary to construct an executable one of said administrative task;
means for transmitting said at least one parameter from said remote computing device to said network interface device; and
means for executing said administrative task, in response to said request, by said network interface device on behalf of said at least one of said plurality of computing devices in said private network without said user of said remote computing device being logged onto said network interface device as a network interface device user and without having direct access to any one of said plurality of computing devices in said private network.
12. A system according to claim 11 wherein said means for establishing includes:
means for locating a remote computing device with operable access to said public communication network;
means for communicating on said public communication network by way of an accepted communication protocol standards; and
means for locating said network interface device by way of a Universal Resource Locator style command that uniquely identifies said network interface device using a Hyper Text Transfer Protocol style communication protocol.
13. A system according to claim 12 wherein said means for dynamically generating includes:
means for determining a minimum set of private network data that is required to perform said administrative task;
means for extracting said minimum set of private network data from said private network; and
means for generating a custom user interface program based on said minimum set of private network data and at least one informational parameter prompt for completion by said user of said remote computing device.
14. A system according to claim 13 including:
means for shielding said plurality of computing devices in said private network from direct access from said remote device over said public communication network.
15. A method for executing a task on a secure local computing device on behalf of at least one of a plurality of secure computing devices in a private network, in response to a request to execute said task that is communicated over a public communication network to said secure local computing device by an unsecured remote computing device, said method comprising:
verifying, on said secure local computing device in response to said request, a permission for a user of said unsecured remote computing device to request execution of said task;
dynamically generating, on said secure local computing device, a custom user interface in a custom program unique to specific variables needed to execute only said task;
executing said custom user interface in said custom program on said unsecured remote computing device to define parameters needed to execute said task;
communicating said parameters from said unsecured remote computing device to said secure local computing device for execution on said secure local computing device; and
executing said task on said secure local computing device.
16. A method according to claim 15 wherein said step of dynamically generating includes:
determining a minimum set of private network data that is relevant to said task and needed by said user to define said parameters unique to said task;
extracting said minimum set of private network data from said private network;
integrating said minimum set of private network data into said custom user interface in said custom program to prompt said user for only said parameters needed to generate an executable one of said task; and
generating an executable one of said task from said parameters supplied by said user.
17. A computer-readable medium having computer-executable instructions stored thereon, said computer-executable instructions performing steps comprising:
receiving at least one first message from a remote computer over a public communications system identifying a user process of the remote computer;
authorizing the user process in response to the first message;
transmitting at least one second message to the remote computer over the public communications system to identify devices in a private network and network administration tasks for execution on the identified devices;
receiving at least one third message from the remote computer over a public communications system indicating selected network administration tasks and selected devices from the identified tasks and devices;
generating selected information comprising network administration tasks capable of being performed and selected devices information for the user process;
transmitting at least one fourth message containing at least part of the generated selected information to the user process over the public communications system;
receiving at least one fifth message from the user process over a public communications system including at least one parameter for performing one of the selected tasks on one of the selected devices; and
initiating the performance of one of the selected tasks on one of the selected devices.
18. The method of claim 17, wherein the at least one second message includes private network configuration details, network administration parameters, network address information, passwords, or node specific information.
19. A method for accessing a private network by way of a public network, comprising:
providing a secure network interface device as a connection between a private network and a public network;
receiving a request from a user of a first computing device at said secure network interface device for the capability to perform a computing task on said private network by way of said public network;
dynamically generating and transmitting a program from the secure network interface device to the first computing device, said program providing the user with the capability to perform the requested computing task, said program having data and a user interface feature necessary for said user to define at least one parameter and limiting the requestor's capability to perform computing tasks not authorized by the program;
receiving a second request comprising said at least one parameter at the secure network interface from the requestor by way of the program to perform the computing task on the private network; and
initiating the performance of the computing task on the private network by way of the secure network interface device.
20. The method as recited in claim 19 wherein the public network comprises the Internet.
21. The method as recited in claim 19 wherein the private network comprises a local area network.
22. The method as recited in claim 21 wherein said computing task comprises a task performable by an administrative level user.
23. The method as recited in claim 19 wherein the program transmitted comprises a web page.
24. A computer readable medium bearing computer readable instructions, said instructions being capable of carrying out the steps recited in claim 19.
25. A system for providing secure access to a private network, comprising:
a private network of computing devices;
a secure network interface device coupled between said private network and a public network; and
a network interface computing operation disposed on said secure network for controlling access to the private network of computing devices, said network interface computing operation comprising computer executable instructions for: providing a set of authorized computing tasks that can be performed on the private network by way of the secure network interface; receiving a request from a user of a first computing device over a public network, said request requesting the performance of a specified one of the authorized computing tasks; dynamically generating and transmitting a program to a requestor of the performance of the specified one of the authorized computing tasks wherein said program provides data and user interface features necessary for the user of said first computing device to define at least one parameter that can be specified in performance of said task; and performing said task after receiving the specified at least one parameter from the program.
26. The system as recited in claim 25 wherein the public network comprises the Internet.
27. The system as recited in claim 25 wherein the private network comprises a local area network.
28. The system as recited in claim 25 wherein the program transmitted comprises a web page.
29. The system as recited in claim 25 wherein said computing task comprises a task performable by an administrative level user.
30. The system as recited in claim 25 wherein the set of authorized computing tasks is determined by the requestor's authorization level.
31. A method for use on a secure network interface device for providing accessing to a private network via a connection to a public network, comprising:
providing a set of specific authorized tasks capable of being performed on said private network by way of said public network;
receiving a request from a user of a first computing device over the public network, said request requesting the performance of one of said specific authorized tasks;
dynamically generating and transmitting a program to the first computing device, said program providing data and a user interface feature necessary for said to user to specify at least one parameter in performing said one of specific authorized tasks;
receiving said at least one parameter; and
performing said one of said specific authorized tasks on said private network.
32. The method as recited in claim 31 wherein the public network comprises the Internet.
33. The method as recited in claim 31 wherein the private network comprises a local area network.
34. The method as recited in claim 31 wherein the program transmitted comprises a web page.
35. The method as recited in claim 31 wherein said specific authorized tasks comprise tasks performable by an administrative level user.
36. The method as recited in claim 31 wherein the set of specific authorized tasks is based upon the authorization level of the requestor.
US08/822,303 1997-03-21 1997-03-21 Secure remote access computing system Expired - Lifetime US6154843A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US08/822,303 US6154843A (en) 1997-03-21 1997-03-21 Secure remote access computing system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US08/822,303 US6154843A (en) 1997-03-21 1997-03-21 Secure remote access computing system

Publications (1)

Publication Number Publication Date
US6154843A true US6154843A (en) 2000-11-28

Family

ID=25235690

Family Applications (1)

Application Number Title Priority Date Filing Date
US08/822,303 Expired - Lifetime US6154843A (en) 1997-03-21 1997-03-21 Secure remote access computing system

Country Status (1)

Country Link
US (1) US6154843A (en)

Cited By (50)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020018487A1 (en) * 2000-04-06 2002-02-14 Song Chen Virtual machine interface for hardware reconfigurable and software programmable processors
US20020049899A1 (en) * 1998-09-01 2002-04-25 Stacy Kenworthy Network attached device with dedicated firewall security
US20020116644A1 (en) * 2001-01-30 2002-08-22 Galea Secured Networks Inc. Adapter card for wirespeed security treatment of communications traffic
US6446192B1 (en) * 1999-06-04 2002-09-03 Embrace Networks, Inc. Remote monitoring and control of equipment over computer networks using a single web interfacing chip
US6453353B1 (en) * 1998-07-10 2002-09-17 Entrust, Inc. Role-based navigation of information resources
WO2002084970A2 (en) * 2001-04-10 2002-10-24 Kronofusion.Com Technologies Inc. System enabling remote access of a computing system
US20020188854A1 (en) * 2001-06-08 2002-12-12 John Heaven Biometric rights management system
US20030014529A1 (en) * 2001-07-12 2003-01-16 Simpson Shell Sterling Mediated access to production device options in a distributed environment
US6529513B1 (en) * 1998-02-04 2003-03-04 Alcatel Canada Inc. Method of using static maps in a virtual private network
US20030046586A1 (en) * 2001-09-05 2003-03-06 Satyam Bheemarasetti Secure remote access to data between peers
US6553422B1 (en) * 1999-04-26 2003-04-22 Hewlett-Packard Development Co., L.P. Reverse HTTP connections for device management outside a firewall
US20030088783A1 (en) * 2001-11-06 2003-05-08 Dipierro Massimo Systems, methods and devices for secure computing
US20030131070A1 (en) * 2002-01-10 2003-07-10 International Business Machines Corporation Customization of information from web sites
US6598090B2 (en) * 1998-11-03 2003-07-22 International Business Machines Corporation Centralized control of software for administration of a distributed computing environment
US20030217166A1 (en) * 2002-05-17 2003-11-20 Mario Dal Canto System and method for provisioning universal stateless digital and computing services
US6658453B1 (en) * 1998-05-28 2003-12-02 America Online, Incorporated Server agent system
US20040260953A1 (en) * 2003-06-18 2004-12-23 Microsoft Corporation Password synchronization in a sign-on management system
US20050005094A1 (en) * 2003-06-18 2005-01-06 Microsoft Corporation System and method for unified sign-on
US6865732B1 (en) * 1999-11-01 2005-03-08 Hewlett-Packard Development Company, L.P. Providing an embedded application specific web server
US20050203836A1 (en) * 2004-03-12 2005-09-15 Sybase, Inc. Hierarchical Entitlement System with Integrated Inheritance and Limit Checks
US20050238034A1 (en) * 2004-04-12 2005-10-27 Brian Gillespie System and method for automatically initiating and dynamically establishing secure internet connections between a fire-walled server and a fire-walled client
US20050254652A1 (en) * 2002-07-16 2005-11-17 Haim Engler Automated network security system and method
US20050262356A1 (en) * 2004-01-08 2005-11-24 Peter Sandiford Method and system for secure remote access to computer systems and networks
US20060010422A1 (en) * 2000-03-16 2006-01-12 Silicon Graphics, Inc. Common user interface development toolkit for a system administration program
US20060218413A1 (en) * 2005-03-22 2006-09-28 International Business Machines Corporation Method of introducing physical device security for digitally encoded data
US20060242278A1 (en) * 2003-04-02 2006-10-26 Jeffrey Hawkins System and method for enabling a person to switch use of computing devices
US20070011091A1 (en) * 2004-03-12 2007-01-11 Sybase, Inc. Hierarchical entitlement system with integrated inheritance and limit checks
US20070024583A1 (en) * 2002-02-28 2007-02-01 Gettemy Shawn R Extension Device of Handheld Computing Device
US20070061460A1 (en) * 2005-03-24 2007-03-15 Jumpnode Systems,Llc Remote access
US20070124814A1 (en) * 2005-10-31 2007-05-31 Lpi Level Platforms Inc. method for providing remote managment of computer systems
US7275259B2 (en) 2003-06-18 2007-09-25 Microsoft Corporation System and method for unified sign-on
US7290236B1 (en) * 2000-06-12 2007-10-30 Altera Corporation Configuration and/or reconfiguration of integrated circuit devices that include programmable logic and microprocessor circuitry
US20080256133A1 (en) * 2001-03-01 2008-10-16 Richad Frankland Integrated Change Management Unit
US20080309665A1 (en) * 2007-06-13 2008-12-18 3D Systems, Inc., A California Corporation Distributed rapid prototyping
US7584093B2 (en) 2005-04-25 2009-09-01 Microsoft Corporation Method and system for generating spelling suggestions
US20090228962A1 (en) * 2008-03-06 2009-09-10 Sharp Laboratories Of America, Inc. Access control and access tracking for remote front panel
US7831911B2 (en) 2006-03-08 2010-11-09 Microsoft Corporation Spell checking system including a phonetic speller
US8190651B2 (en) 2009-06-15 2012-05-29 Nxstage Medical, Inc. System and method for identifying and pairing devices
US8201237B1 (en) 2008-12-10 2012-06-12 Amazon Technologies, Inc. Establishing secure remote access to private computer networks
US8230050B1 (en) * 2008-12-10 2012-07-24 Amazon Technologies, Inc. Providing access to configurable private computer networks
US20120204088A1 (en) * 1999-04-19 2012-08-09 Enpulz, Llc User interface system with link support searching
US8595753B2 (en) 2000-04-06 2013-11-26 Infineon Technologies Ag Virtual machine interface for hardware reconfigurable and software programmable processors
US20140304612A1 (en) * 2011-12-28 2014-10-09 Nokia Corporation Application switcher
US9137209B1 (en) 2008-12-10 2015-09-15 Amazon Technologies, Inc. Providing local secure network access to remote services
US20160026785A1 (en) * 2009-01-06 2016-01-28 Vetrix, Llc Integrated physical and logical security management via a portable device
US9400881B2 (en) 2006-04-25 2016-07-26 Vetrix, Llc Converged logical and physical security
US9524167B1 (en) 2008-12-10 2016-12-20 Amazon Technologies, Inc. Providing location-specific network access to remote services
US9983771B2 (en) 2011-12-28 2018-05-29 Nokia Technologies Oy Provision of an open instance of an application
US10171720B2 (en) 2011-12-28 2019-01-01 Nokia Technologies Oy Camera control application
US11438732B2 (en) 2009-03-06 2022-09-06 Vetrix, Llc Systems and methods for mobile tracking, communications and alerting

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5515508A (en) * 1993-12-17 1996-05-07 Taligent, Inc. Client server system and method of operation including a dynamically configurable protocol stack
US5550984A (en) * 1994-12-07 1996-08-27 Matsushita Electric Corporation Of America Security system for preventing unauthorized communications between networks by translating communications received in ip protocol to non-ip protocol to remove address and routing services information
US5577209A (en) * 1991-07-11 1996-11-19 Itt Corporation Apparatus and method for providing multi-level security for communication among computers and terminals on a network
US5642515A (en) * 1992-04-17 1997-06-24 International Business Machines Corporation Network server for local and remote resources
US5649190A (en) * 1994-06-14 1997-07-15 Harris Corporation Multi-model database system for dynamic creation and maintenance of complex objects in a real time environment
US5715823A (en) * 1996-02-27 1998-02-10 Atlantis Diagnostics International, L.L.C. Ultrasonic diagnostic imaging system with universal access to diagnostic information and images
US5797015A (en) * 1995-04-18 1998-08-18 Pitney Bowes Inc. Method of customizing application software in inserter systems
US5864683A (en) * 1994-10-12 1999-01-26 Secure Computing Corporartion System for providing secure internetwork by connecting type enforcing secure computers to external network for limiting access to data based on user and process access rights
US5889863A (en) * 1996-06-17 1999-03-30 Verifone, Inc. System, method and article of manufacture for remote virtual point of sale processing utilizing a multichannel, extensible, flexible architecture

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5577209A (en) * 1991-07-11 1996-11-19 Itt Corporation Apparatus and method for providing multi-level security for communication among computers and terminals on a network
US5642515A (en) * 1992-04-17 1997-06-24 International Business Machines Corporation Network server for local and remote resources
US5515508A (en) * 1993-12-17 1996-05-07 Taligent, Inc. Client server system and method of operation including a dynamically configurable protocol stack
US5649190A (en) * 1994-06-14 1997-07-15 Harris Corporation Multi-model database system for dynamic creation and maintenance of complex objects in a real time environment
US5864683A (en) * 1994-10-12 1999-01-26 Secure Computing Corporartion System for providing secure internetwork by connecting type enforcing secure computers to external network for limiting access to data based on user and process access rights
US5550984A (en) * 1994-12-07 1996-08-27 Matsushita Electric Corporation Of America Security system for preventing unauthorized communications between networks by translating communications received in ip protocol to non-ip protocol to remove address and routing services information
US5797015A (en) * 1995-04-18 1998-08-18 Pitney Bowes Inc. Method of customizing application software in inserter systems
US5715823A (en) * 1996-02-27 1998-02-10 Atlantis Diagnostics International, L.L.C. Ultrasonic diagnostic imaging system with universal access to diagnostic information and images
US5889863A (en) * 1996-06-17 1999-03-30 Verifone, Inc. System, method and article of manufacture for remote virtual point of sale processing utilizing a multichannel, extensible, flexible architecture

Cited By (96)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6529513B1 (en) * 1998-02-04 2003-03-04 Alcatel Canada Inc. Method of using static maps in a virtual private network
US6658453B1 (en) * 1998-05-28 2003-12-02 America Online, Incorporated Server agent system
US6453353B1 (en) * 1998-07-10 2002-09-17 Entrust, Inc. Role-based navigation of information resources
US8892600B2 (en) 1998-09-01 2014-11-18 Robust Networks, Llc Network attached device with dedicated firewall security
US20020049899A1 (en) * 1998-09-01 2002-04-25 Stacy Kenworthy Network attached device with dedicated firewall security
US7739302B2 (en) * 1998-09-01 2010-06-15 Stacy Kenworthy Network attached device with dedicated firewall security
US20100242098A1 (en) * 1998-09-01 2010-09-23 Robust Networks, Llc Network attached device with dedicated firewall security
US8306994B2 (en) * 1998-09-01 2012-11-06 Robust Networks, Llc Network attached device with dedicated firewall security
US6598090B2 (en) * 1998-11-03 2003-07-22 International Business Machines Corporation Centralized control of software for administration of a distributed computing environment
US9542686B2 (en) 1998-12-18 2017-01-10 Applications In Internet Time, Llc Integrated change management unit
US9286612B2 (en) 1998-12-18 2016-03-15 Applications In Internet Time, Llc Integrated change management unit
US10616286B2 (en) 1998-12-18 2020-04-07 Applications In Internet Time LLC Integrated change management unit
US9070166B2 (en) 1999-04-19 2015-06-30 Enpluz, LLC Centralized, online multi-seller interface system
US9053514B2 (en) 1999-04-19 2015-06-09 Enpluz, LLC System supporting promotion browsing and searching
US9082153B2 (en) 1999-04-19 2015-07-14 Enpluz, LLC Web search and promotion search engine integration
US9224170B2 (en) 1999-04-19 2015-12-29 Rpx Corporation Sales channel management infrastructure
US20120204088A1 (en) * 1999-04-19 2012-08-09 Enpulz, Llc User interface system with link support searching
US6553422B1 (en) * 1999-04-26 2003-04-22 Hewlett-Packard Development Co., L.P. Reverse HTTP connections for device management outside a firewall
US6446192B1 (en) * 1999-06-04 2002-09-03 Embrace Networks, Inc. Remote monitoring and control of equipment over computer networks using a single web interfacing chip
US6865732B1 (en) * 1999-11-01 2005-03-08 Hewlett-Packard Development Company, L.P. Providing an embedded application specific web server
US20060010422A1 (en) * 2000-03-16 2006-01-12 Silicon Graphics, Inc. Common user interface development toolkit for a system administration program
US7703107B2 (en) * 2000-04-06 2010-04-20 Infineon Technologies Ag Virtual machine interface for hardware reconfigurable and software programmable processors
US8595753B2 (en) 2000-04-06 2013-11-26 Infineon Technologies Ag Virtual machine interface for hardware reconfigurable and software programmable processors
US20020018487A1 (en) * 2000-04-06 2002-02-14 Song Chen Virtual machine interface for hardware reconfigurable and software programmable processors
US7290236B1 (en) * 2000-06-12 2007-10-30 Altera Corporation Configuration and/or reconfiguration of integrated circuit devices that include programmable logic and microprocessor circuitry
US20020116644A1 (en) * 2001-01-30 2002-08-22 Galea Secured Networks Inc. Adapter card for wirespeed security treatment of communications traffic
US20080256133A1 (en) * 2001-03-01 2008-10-16 Richad Frankland Integrated Change Management Unit
WO2002084970A2 (en) * 2001-04-10 2002-10-24 Kronofusion.Com Technologies Inc. System enabling remote access of a computing system
WO2002084970A3 (en) * 2001-04-10 2003-04-17 Kronofusion Com Technologies I System enabling remote access of a computing system
US20020188854A1 (en) * 2001-06-08 2002-12-12 John Heaven Biometric rights management system
US7003670B2 (en) 2001-06-08 2006-02-21 Musicrypt, Inc. Biometric rights management system
US20030014529A1 (en) * 2001-07-12 2003-01-16 Simpson Shell Sterling Mediated access to production device options in a distributed environment
US20030046586A1 (en) * 2001-09-05 2003-03-06 Satyam Bheemarasetti Secure remote access to data between peers
US20030088783A1 (en) * 2001-11-06 2003-05-08 Dipierro Massimo Systems, methods and devices for secure computing
US20030131070A1 (en) * 2002-01-10 2003-07-10 International Business Machines Corporation Customization of information from web sites
US7911445B2 (en) 2002-02-28 2011-03-22 Hewlett-Packard Development Company, L.P. Extension device of handheld computing device
US20070024583A1 (en) * 2002-02-28 2007-02-01 Gettemy Shawn R Extension Device of Handheld Computing Device
CN100407186C (en) * 2002-05-17 2008-07-30 Xds有限公司 System and method for provisioning universal stateless digital and computing services
US20080072298A1 (en) * 2002-05-17 2008-03-20 Xds Inc. System and method for provisioning universal stateless digital and computing services
US20110093940A1 (en) * 2002-05-17 2011-04-21 Simtone Corporation (F/K/A Xds, Inc.) System and method for provisioning universal stateless digital and computing services
US20080071860A1 (en) * 2002-05-17 2008-03-20 Xds Inc. System and method for provisioning universal stateless digital and computing services
WO2003100642A1 (en) * 2002-05-17 2003-12-04 Xds, Inc. System and method for provisioning universal stateless digital and computing services
US20030217166A1 (en) * 2002-05-17 2003-11-20 Mario Dal Canto System and method for provisioning universal stateless digital and computing services
US7363363B2 (en) 2002-05-17 2008-04-22 Xds, Inc. System and method for provisioning universal stateless digital and computing services
US7783701B2 (en) 2002-05-17 2010-08-24 Simtone Corporation System and method for provisioning universal stateless digital and computing services
US20050254652A1 (en) * 2002-07-16 2005-11-17 Haim Engler Automated network security system and method
US7844297B2 (en) 2003-04-02 2010-11-30 Palm, Inc. Task switch between two computing devices
US20100042733A1 (en) * 2003-04-02 2010-02-18 Palm, Inc. Task switch between two computing devices
US7623892B2 (en) * 2003-04-02 2009-11-24 Palm, Inc. System and method for enabling a person to switch use of computing devices
US20060242278A1 (en) * 2003-04-02 2006-10-26 Jeffrey Hawkins System and method for enabling a person to switch use of computing devices
US8175644B1 (en) 2003-04-02 2012-05-08 Hewlett-Packard Development Company, L.P. Task switching between two computing devices
US8175643B1 (en) 2003-04-02 2012-05-08 Hewlett-Packard Development Company, L.P. Switching states between two computing devices
US8103308B2 (en) 2003-04-02 2012-01-24 Hewlett-Packard Development Company, L.P. Task switching between two computing devices
US20050005094A1 (en) * 2003-06-18 2005-01-06 Microsoft Corporation System and method for unified sign-on
US7251732B2 (en) 2003-06-18 2007-07-31 Microsoft Corporation Password synchronization in a sign-on management system
US20040260953A1 (en) * 2003-06-18 2004-12-23 Microsoft Corporation Password synchronization in a sign-on management system
US7275259B2 (en) 2003-06-18 2007-09-25 Microsoft Corporation System and method for unified sign-on
US7392536B2 (en) 2003-06-18 2008-06-24 Microsoft Corporation System and method for unified sign-on
US20050262356A1 (en) * 2004-01-08 2005-11-24 Peter Sandiford Method and system for secure remote access to computer systems and networks
US8478668B2 (en) 2004-03-12 2013-07-02 Sybase, Inc. Hierarchical entitlement system with integrated inheritance and limit checks
US20050203836A1 (en) * 2004-03-12 2005-09-15 Sybase, Inc. Hierarchical Entitlement System with Integrated Inheritance and Limit Checks
US7797239B2 (en) 2004-03-12 2010-09-14 Sybase, Inc. Hierarchical entitlement system with integrated inheritance and limit checks
US20070011091A1 (en) * 2004-03-12 2007-01-11 Sybase, Inc. Hierarchical entitlement system with integrated inheritance and limit checks
US20050238034A1 (en) * 2004-04-12 2005-10-27 Brian Gillespie System and method for automatically initiating and dynamically establishing secure internet connections between a fire-walled server and a fire-walled client
US20110066739A1 (en) * 2004-04-12 2011-03-17 Simtone Corporation (F/K/A Xds, Inc.) System and method for automatically initiating and dynamically establishing secure internet connections between a fire-walled server and a fire-walled client
US20060218413A1 (en) * 2005-03-22 2006-09-28 International Business Machines Corporation Method of introducing physical device security for digitally encoded data
US20070061460A1 (en) * 2005-03-24 2007-03-15 Jumpnode Systems,Llc Remote access
US7584093B2 (en) 2005-04-25 2009-09-01 Microsoft Corporation Method and system for generating spelling suggestions
US20070124814A1 (en) * 2005-10-31 2007-05-31 Lpi Level Platforms Inc. method for providing remote managment of computer systems
US8042169B2 (en) 2005-10-31 2011-10-18 LPI Level Platforms, Ltd. Method for providing remote management of computer systems
US7831911B2 (en) 2006-03-08 2010-11-09 Microsoft Corporation Spell checking system including a phonetic speller
US9400881B2 (en) 2006-04-25 2016-07-26 Vetrix, Llc Converged logical and physical security
US20080309665A1 (en) * 2007-06-13 2008-12-18 3D Systems, Inc., A California Corporation Distributed rapid prototyping
US20090228962A1 (en) * 2008-03-06 2009-09-10 Sharp Laboratories Of America, Inc. Access control and access tracking for remote front panel
US9374341B2 (en) 2008-12-10 2016-06-21 Amazon Technologies, Inc. Establishing secure remote access to private computer networks
US11831496B2 (en) 2008-12-10 2023-11-28 Amazon Technologies, Inc. Providing access to configurable private computer networks
US9137209B1 (en) 2008-12-10 2015-09-15 Amazon Technologies, Inc. Providing local secure network access to remote services
US8578003B2 (en) 2008-12-10 2013-11-05 Amazon Technologies, Inc. Providing access to configurable private computer networks
US8230050B1 (en) * 2008-12-10 2012-07-24 Amazon Technologies, Inc. Providing access to configurable private computer networks
US8201237B1 (en) 2008-12-10 2012-06-12 Amazon Technologies, Inc. Establishing secure remote access to private computer networks
US10951586B2 (en) 2008-12-10 2021-03-16 Amazon Technologies, Inc. Providing location-specific network access to remote services
US8844020B2 (en) 2008-12-10 2014-09-23 Amazon Technologies, Inc. Establishing secure remote access to private computer networks
US10868715B2 (en) 2008-12-10 2020-12-15 Amazon Technologies, Inc. Providing local secure network access to remote services
US9521037B2 (en) 2008-12-10 2016-12-13 Amazon Technologies, Inc. Providing access to configurable private computer networks
US9524167B1 (en) 2008-12-10 2016-12-20 Amazon Technologies, Inc. Providing location-specific network access to remote services
US11290320B2 (en) 2008-12-10 2022-03-29 Amazon Technologies, Inc. Providing access to configurable private computer networks
US9756018B2 (en) 2008-12-10 2017-09-05 Amazon Technologies, Inc. Establishing secure remote access to private computer networks
US10728089B2 (en) 2008-12-10 2020-07-28 Amazon Technologies, Inc. Providing access to configurable private computer networks
US20160026785A1 (en) * 2009-01-06 2016-01-28 Vetrix, Llc Integrated physical and logical security management via a portable device
US11438732B2 (en) 2009-03-06 2022-09-06 Vetrix, Llc Systems and methods for mobile tracking, communications and alerting
US8909613B2 (en) 2009-06-15 2014-12-09 Nxstage Medical, Inc. System and method for identifying and pairing devices
US8190651B2 (en) 2009-06-15 2012-05-29 Nxstage Medical, Inc. System and method for identifying and pairing devices
US10171720B2 (en) 2011-12-28 2019-01-01 Nokia Technologies Oy Camera control application
US9983771B2 (en) 2011-12-28 2018-05-29 Nokia Technologies Oy Provision of an open instance of an application
US9479568B2 (en) * 2011-12-28 2016-10-25 Nokia Technologies Oy Application switcher
US20140304612A1 (en) * 2011-12-28 2014-10-09 Nokia Corporation Application switcher

Similar Documents

Publication Publication Date Title
US6154843A (en) Secure remote access computing system
CN100437530C (en) Method and system for providing secure access to private networks with client redirection
US6438600B1 (en) Securely sharing log-in credentials among trusted browser-based applications
AU2001280975B2 (en) Systems and methods for authenticating a user to a web server
US6134591A (en) Network security and integration method and system
US8275791B2 (en) Process for executing a downloadable service receiving restrictive access rights to at least one profile file
JP4108461B2 (en) Authentication system, authentication distribution server, authentication method and program
CN103944890B (en) Virtual interaction system based on customer end/server mode and method
US6490626B1 (en) Browser system
US5908469A (en) Generic user authentication for network computers
US7373662B2 (en) Secure resource access
JP2002334056A (en) Login agency system and login agency method
JP2003186764A (en) Communication network with controlled access to web resources
CN1210308A (en) Applet redirection for controlled access to non-originating hosts
CN101547202B (en) Method and device for processing security level of device on the net
US7752438B2 (en) Secure resource access
KR102118380B1 (en) An access control system of controlling server jobs by users
KR20080036837A (en) How to store login information of websites, how to log in automatically using them, and recordable media that can be read by the computer that recorded the program for them.
KR100777537B1 (en) Platform system and integrated management method for integrated management of distributed network system
JP2003330822A (en) Data relay system having web connection/data relay regulating function and control method for the regulation
KR101074068B1 (en) Authentication method and apparatus for home network service
KR20060067732A (en) Service logout system and method in single authentication service using interworking identity
WO2019106938A1 (en) Illegal access prevention function device, illegal access prevention function system, network security monitoring method, and illegal access prevention program
JP2004078622A (en) Integrated management of user certification
KR101165061B1 (en) Web service use permission system and method there of

Legal Events

Date Code Title Description
AS Assignment

Owner name: MICROSOFT CORPORATION, WASHINGTON

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:HART, EDWARD C., JR.;KIERNAN, CASEY LANG;RAJARAJAN, VIJ;REEL/FRAME:008600/0160

Effective date: 19970317

STCF Information on status: patent grant

Free format text: PATENTED CASE

FPAY Fee payment

Year of fee payment: 4

FPAY Fee payment

Year of fee payment: 8

FPAY Fee payment

Year of fee payment: 12

AS Assignment

Owner name: MICROSOFT TECHNOLOGY LICENSING, LLC, WASHINGTON

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MICROSOFT CORPORATION;REEL/FRAME:034541/0001

Effective date: 20141014